From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: devel@edk2.groups.io, Pawel Polawski <ppolawsk@redhat.com>,
Guomin Jiang <guomin.jiang@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Min Xu <min.m.xu@intel.com>, Jian J Wang <jian.j.wang@intel.com>,
Michael Roth <michael.roth@amd.com>,
Oliver Steffen <osteffen@redhat.com>,
James Bottomley <jejb@linux.ibm.com>,
Erdem Aktas <erdemaktas@google.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>
Subject: Re: [PATCH v2 00/10] OvmfPkg: add Crypto Driver support
Date: Mon, 13 Feb 2023 12:39:10 +0100 [thread overview]
Message-ID: <20230213113910.mjxt276su2eeqixt@sirius.home.kraxel.org> (raw)
In-Reply-To: <CAMj1kXEr74Px7=CgU_P9gesgJRet_1w1x891gLEBxxyVbXpPuA@mail.gmail.com>
On Fri, Feb 10, 2023 at 02:46:34PM +0100, Ard Biesheuvel wrote:
> On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > > Can LTO be enabled for the NOOPT build? Or depends that on
> > > optimizations being turned on?
Turns out: kind of. The crypto driver effectively does
if (fixed.pcd.bit)
call libcrypt / libopenssl
else
throw error
With optimizations turned off altogether gcc will not notice it can
evaluate the PCD config bits at compile time, which in turn leads to
everything being compiled in no matter whenever the features are
enabled or not ...
take care,
Gerd
>From e0a080ead544813445f731eef137747ff805a5cd Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 13 Feb 2023 10:21:50 +0100
Subject: [PATCH 1/1] CryptoPkg/Driver: enable moderate optimizations for NOOPT
builds
With optimizations turned off altogether gcc will not evaluate the
(constant) configuration PCDs at compile time (see CALL_BASECRYPTLIB
macro). Which renders LTO ineffective and leads to huge amounts of
dead code being included in the crypto driver builds.
Turn on optimizations for GCC, lowest level (-O1), to fix this.
FIXME: visual studio needs that too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Driver/CryptoDxe.inf | 3 +++
CryptoPkg/Driver/CryptoPei.inf | 3 +++
CryptoPkg/Driver/CryptoSmm.inf | 3 +++
3 files changed, 9 insertions(+)
diff --git a/CryptoPkg/Driver/CryptoDxe.inf b/CryptoPkg/Driver/CryptoDxe.inf
index 0d08f3a190c8..44921c1fdaa8 100644
--- a/CryptoPkg/Driver/CryptoDxe.inf
+++ b/CryptoPkg/Driver/CryptoDxe.inf
@@ -47,3 +47,6 @@ [Pcd]
[Depex]
TRUE
+
+[BuildOptions]
+ GCC:NOOPT_*_*_CC_FLAGS = -O1
diff --git a/CryptoPkg/Driver/CryptoPei.inf b/CryptoPkg/Driver/CryptoPei.inf
index dfa1ab58b16f..45704f5f9e42 100644
--- a/CryptoPkg/Driver/CryptoPei.inf
+++ b/CryptoPkg/Driver/CryptoPei.inf
@@ -49,3 +49,6 @@ [Pcd]
[Depex]
TRUE
+
+[BuildOptions]
+ GCC:NOOPT_*_*_CC_FLAGS = -O1
diff --git a/CryptoPkg/Driver/CryptoSmm.inf b/CryptoPkg/Driver/CryptoSmm.inf
index 9fe8718823d2..906cf06006f4 100644
--- a/CryptoPkg/Driver/CryptoSmm.inf
+++ b/CryptoPkg/Driver/CryptoSmm.inf
@@ -47,3 +47,6 @@ [Pcd]
[Depex]
TRUE
+
+[BuildOptions]
+ GCC:NOOPT_*_*_CC_FLAGS = -O1
--
2.39.1
next prev parent reply other threads:[~2023-02-13 11:39 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-09 10:26 [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 01/10] CryptoPkg: move Driver PCD configs to include files Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 02/10] CryptoPkg: add CryptoServicePcd.hash_only.dsc.inc Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 03/10] CryptoPkg: add TPM hashes to CryptoServicePcd.min_dxe_smm.dsc.inc Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 04/10] OvmfPkg: add OvmfCrypto*.inc Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 05/10] OvmfPkg: OvmfPkgX64: use crypto includes Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 06/10] OvmfPkg: OvmfPkgIa32X64: " Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 07/10] OvmfPkg: OvmfPkgIa32: " Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 08/10] OvmfPkg: Microvm: " Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 09/10] OvmfPkg: IntelTdx: " Gerd Hoffmann
2023-02-09 10:26 ` [PATCH v2 10/10] OvmfPkg: AmdSev: " Gerd Hoffmann
2023-02-09 16:46 ` [PATCH v2 00/10] OvmfPkg: add Crypto Driver support Ard Biesheuvel
2023-02-10 8:41 ` Gerd Hoffmann
2023-02-10 13:42 ` Ard Biesheuvel
2023-02-10 13:46 ` Ard Biesheuvel
2023-02-13 11:39 ` Gerd Hoffmann [this message]
2023-02-13 11:45 ` [edk2-devel] " Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230213113910.mjxt276su2eeqixt@sirius.home.kraxel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox